1 files changed, 235 insertions, 0 deletions
diff --git a/static/freebsd/man7/provider-skeymgmt.7 b/static/freebsd/man7/provider-skeymgmt.7
new file mode 100644
index 00000000..0c980448
--- /dev/null
+++ b/static/freebsd/man7/provider-skeymgmt.7
@@ -0,0 +1,235 @@
+.\" -*- mode: troff; coding: utf-8 -*-
+.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
+.ie n \{\
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Required to disable full justification in groff 1.23.0.
+.if n .ds AD l
+.\" ========================================================================
+.\"
+.IX Title "PROVIDER-SKEYMGMT 7ossl"
+.TH PROVIDER-SKEYMGMT 7ossl 2026-04-07 3.5.6 OpenSSL
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH NAME
+provider\-skeymgmt \- The SKEYMGMT library <\-> provider functions
+.SH SYNOPSIS
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/core_dispatch.h>
+\&
+\& /*
+\&  * None of these are actual functions, but are displayed like this for
+\&  * the function signatures for functions that are offered as function
+\&  * pointers in OSSL_DISPATCH arrays.
+\&  */
+\&
+\& /* Key object destruction */
+\& void OSSL_FUNC_skeymgmt_free(void *keydata);
+\&
+\& /* Key object import and export functions */
+\& void *OSSL_FUNC_skeymgmt_import(void *provctx, int selection,
+\&                                 const OSSL_PARAM params[]);
+\& int OSSL_FUNC_skeymgmt_export(void *keydata, int selection,
+\&                               OSSL_CALLBACK *param_cb, void *cbarg);
+\& void *OSSL_FUNC_skeymgmt_generate(void *provctx,
+\&                                   const OSSL_PARAM params[]);
+\& const OSSL_PARAM *OSSL_FUNC_skeymgmt_gen_settable_params(void *provctx);
+\& const OSSL_PARAM *OSSL_FUNC_skeymgmt_imp_settable_params(void *provctx);
+\& const char *OSSL_FUNC_skeymgmt_get_key_id(void *keydata);
+.Ve
+.SH DESCRIPTION
+.IX Header "DESCRIPTION"
+The SKEYMGMT operation doesn\*(Aqt have much public visibility in the OpenSSL
+libraries, rather it is an internal operation that is designed to work
+with operations that use opaque symmetric keys objects.
+.PP
+The SKEYMGMT operation shares knowledge with the operations it works with,
+therefore the SKEYMGMT and the algorithms which use it must belong to the same
+provider.  The OpenSSL libraries will ensure that they do.
+.PP
+The primary responsibility of the SKEYMGMT operation is to hold the
+provider side key data for the OpenSSL library EVP_SKEY structure.
+.PP
+All "functions" mentioned here are passed as function pointers between
+\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via
+\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs
+\&\fBprovider_query_operation()\fR function
+(see "Provider Functions" in \fBprovider\-base\fR\|(7)).
+.PP
+All these "functions" have a corresponding function type definition
+named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the
+function pointer from a \fBOSSL_DISPATCH\fR\|(3) element named
+\&\fBOSSL_FUNC_{name}\fR.
+.PP
+\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as
+macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows:
+.PP
+.Vb 1
+\& OSSL_FUNC_skeymgmt_free                 OSSL_FUNC_SKEYMGMT_FREE
+\&
+\& OSSL_FUNC_skeymgmt_import               OSSL_FUNC_SKEYMGMT_IMPORT
+\& OSSL_FUNC_skeymgmt_export               OSSL_FUNC_SKEYMGMT_EXPORT
+\&
+\& OSSL_FUNC_skeymgmt_generate             OSSL_FUNC_SKEYMGMT_GENERATE
+\&
+\& OSSL_FUNC_skeymgmt_get_key_id           OSSL_FUNC_SKEYMGMT_GET_KEY_ID
+\& OSSL_FUNC_skeymgmt_imp_settable_params  OSSL_FUNC_SKEYMGMT_IMP_SETTABLE_PARAMS
+\& OSSL_FUNC_skeymgmt_gen_settable_params  OSSL_FUNC_SKEYMGMT_GEN_SETTABLE_PARAMS
+.Ve
+.PP
+The SKEYMGMT management is inspired by KEYMGMT but is simpler.
+.SS "Key Objects"
+.IX Subsection "Key Objects"
+A key object is a collection of data for an symmetric key, and is
+represented as \fIkeydata\fR in this manual.
+.PP
+The exact contents of a key object are defined by the provider, and it
+is assumed that different operations in one and the same provider use
+the exact same structure to represent this collection of data, so that
+for example, a key object that has been created using the SKEYMGMT
+interface can be passed as is to other algorithms from the same provider
+operations, such as \fBOSSL_FUNC_mac_init_opaque()\fR (see
+\&\fBprovider\-mac\fR\|(7)).
+.PP
+With the export SKEYMGMT function, it\*(Aqs possible to select a specific
+subset of data to handle, governed by the bits in a \fIselection\fR
+indicator.  The bits are:
+.IP \fBOSSL_SKEYMGMT_SELECT_SECRET_KEY\fR 4
+.IX Item "OSSL_SKEYMGMT_SELECT_SECRET_KEY"
+Indicating that the secret key raw bytes in a key object should be
+included.
+.IP \fBOSSL_SKEYMGMT_SELECT_PARAMETERS\fR 4
+.IX Item "OSSL_SKEYMGMT_SELECT_PARAMETERS"
+Indicating that the parameters in a key object should be
+included.
+.PP
+Combined selector bits are also defined for easier use:
+.IP \fBOSSL_SKEYMGMT_SELECT_ALL\fR 4
+.IX Item "OSSL_SKEYMGMT_SELECT_ALL"
+Indicating that everything in a key object should be included.
+.PP
+The exact interpretation of those bits or how they combine is left to
+each function where you can specify a selector.
+.SS "Destructing Function"
+.IX Subsection "Destructing Function"
+\&\fBOSSL_FUNC_skeymgmt_free()\fR should free the passed \fIkeydata\fR.
+.SS "Key Object Import and Export Functions"
+.IX Subsection "Key Object Import and Export Functions"
+\&\fBOSSL_FUNC_skeymgmt_import()\fR should import data into \fIkeydata\fR with values
+taken from the \fBOSSL_PARAM\fR\|(3) array \fIparams\fR. It allocates the \fIkeydata\fR
+object (there is no separate allocation function).
+.PP
+\&\fBOSSL_FUNC_skeymgmt_imp_settable_params()\fR returns a list of parameters that can
+be provided to the \fBOSSL_FUNC_skeymgmt_import()\fR function.
+.PP
+\&\fBOSSL_FUNC_skeymgmt_export()\fR should extract values indicated by \fIselection\fR
+from \fIkeydata\fR, create an \fBOSSL_PARAM\fR\|(3) array with them and call
+\&\fIparam_cb\fR with that array as well as the given \fIcbarg\fR.
+The passed \fBOSSL_PARAM\fR\|(3) array is transient and is freed upon the return from \fIparam_cb\fR.
+.SS "Key Object Generation Functions"
+.IX Subsection "Key Object Generation Functions"
+\&\fBOSSL_FUNC_skeymgmt_generate()\fR creates a new key according to the values
+taken from the \fBOSSL_PARAM\fR\|(3) array \fIparams\fR. It allocates the \fIkeydata\fR
+object.
+.PP
+\&\fBOSSL_FUNC_skeymgmt_gen_settable_params()\fR returns a list of parameters that can
+be provided to the \fBOSSL_FUNC_skeymgmt_generate()\fR function.
+.SS "Key Object Information functions"
+.IX Subsection "Key Object Information functions"
+\&\fBOSSL_FUNC_skeymgmt_get_key_id()\fR returns a NUL\-terminated string identifying the
+particular key. The returned string will be freed by a call to \fBEVP_SKEY_free()\fR
+so callers need to copy it themselves if they want to preserve the value past
+the key lifetime.  The purpose of this function is providing a printable string
+that can help users to access the specific key.  The content of this string is
+provider\-specific.
+.SS "Common Import and Export Parameters"
+.IX Subsection "Common Import and Export Parameters"
+See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure.
+.PP
+Common information parameters currently recognised by built\-in
+skeymgmt algorithms are as follows:
+.IP """raw\-bytes"" (\fBSKEY_PARAM_RAW_BYTES\fR) <octet string>" 4
+.IX Item """raw-bytes"" (SKEY_PARAM_RAW_BYTES) <octet string>"
+The value represents symmetric key as a byte array.
+.IP """key\-length"" (\fBSKEY_PARAM_KEY_LENGTH\fR) <integer>" 4
+.IX Item """key-length"" (SKEY_PARAM_KEY_LENGTH) <integer>"
+The value is the byte length of the given key.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_FUNC_skeymgmt_import()\fR and \fBOSSL_FUNC_skeymgmt_generate()\fR return a pointer
+to an allocated object on success and NULL on error.
+.PP
+\&\fBOSSL_FUNC_skeymgmt_export()\fR returns 1 for success or 0 on error.
+.PP
+\&\fBOSSL_FUNC_skeymgmt_get_key_id()\fR returns a pointer to a 0\-terminated string or NULL.
+.PP
+\&\fBOSSL_FUNC_skeymgmt_gen_settable_params()\fR and \fBOSSL_FUNC_skeymgmt_imp_settable_params()\fR
+return references to an array of \fBOSSL_PARAM\fR which can be NULL if there are
+no settable parameters.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \fBEVP_SKEY\fR\|(3), \fBEVP_KEYMGMT\fR\|(3)
+.SH HISTORY
+.IX Header "HISTORY"
+The SKEYMGMT interface was introduced in OpenSSL 3.5.
+.SH COPYRIGHT
+.IX Header "COPYRIGHT"
+Copyright 2024\-2025 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+<https://www.openssl.org/source/license.html>.